Chaofan Shou
4e3091eace
Dump Control Flow Graph in AFLCoverage LLVM Pass ( #557 )
* Allow dumping CFG in AFLCoverage pass
* Consider cases of edges from zeros to entry basic block.
* Expose public structs and traits
* linting
* fix doc
* clippy
* Remove unnecessary dependency
* add missing derive
2022-03-02 11:19:19 +01:00
Andrea Fioraldi
8cb41366ac
Snapshot QEMU mmap_next_start ( #558 )
2022-03-01 16:04:20 +01:00
s1341
f4c4d9044f
Use the new bolts::cli with the frida_libpng sample ( #541 )
* Use the new bolts::cli with the frida_libpng sample
* Fix comment and add must_use
* Fix windows
* Fix windows more
* Fix windows more, more
* Fix windows more, more, more
* Remove comma
* fmt
2022-03-01 11:25:11 +01:00
Andrea Fioraldi
bf9d2b4c57
Fix snapshots in libafl_qemu ( #556 )
* afl_exec_sec feature, disabled by default
* Fix snapshots in libafl_qemu
* working memory snapshots
2022-02-28 21:23:20 +01:00
Chaofan Shou
c4fb92a1a4
Add probabilistic sampling corpus scheduler ( #544 )
* Add probabilistic sampling corpus scheduler
* Linting
* Fix ToOwned error
* Move if-stmt of checking `ProbabilityMetadata` existence and revert powersched removal
* Use `Error::IllegalState` instead of `Error::DivByZero`
2022-02-24 10:19:38 +01:00
Evan Richter
679eadcc50
Prevent dropping variables in closure hooks ( #549 )
2022-02-24 10:18:46 +01:00
Chaofan Shou
df84d39242
Add function call level granularity for coverage accounting ( #552 )
* Add func call level granularity for coverage accounting
* code linting
2022-02-24 10:16:12 +01:00
Andrea Fioraldi
04c8e96923
afl_exec_sec feature, disabled by default ( #555 )
2022-02-23 16:06:22 +01:00
Andrea Fioraldi
05b10ad56d
Fix no_std after #553 ( #554 )
* Fix no_std after #553
* clippy
2022-02-23 11:32:25 +01:00
Andrea Fioraldi
5ffddcfd4a
List observer and feedback ( #553 )
2022-02-23 10:26:46 +01:00
Dongjia Zhang
ef01009f30
List dependencies in readme.md ( #547 )
* readme dependencies
* upd
2022-02-22 00:20:15 +01:00
Andrea Fioraldi
95d3de0f4b
Closure hooks and on thread create hook ( #542 )
* Closure hooks and on thread create hook
* on thread once hook
* clippy
* fix
* fix
2022-02-21 18:30:02 +01:00
Tamas K Lengyel
b3d68e8f40
Add signal option to forkserver_simple ( #548 )
2022-02-21 16:49:04 +01:00
Dongjia Zhang
ba4cca0e15
Delete redundant makefiles ( #546 )
We switched to cargo make
2022-02-20 18:50:29 +01:00
Dongjia Zhang
fc89f2944b
Makefile.toml fix ( #545 )
2022-02-20 04:21:43 +01:00
Dongjia Zhang
936e2221d1
Cargo-make ( #537 )
* timeout utility
* example build.toml
* upd
* ci
* Update build_and_test.yml
* Update build_and_test.yml
* rename, qemu_launcher
* libpngs
* fix
* upd
* del
* do_nothing -> unsupported
* rename
* use command
* non qemu fuzzbench
* script.sh
* more
* qemu
* fix
* generic
* fix
* fix
* allow 124
* quotes
* fix
* fix
* fix
* stderr to devnull
* chg
2022-02-20 03:32:43 +01:00
Evan Richter
7150ffc5e6
[libafl_qemu] EasyElf::resolve_symbol return GuestAddr ( #540 )
Also enforce Linux support at the crate level instead of item by item
2022-02-16 21:34:56 +01:00
Andrea Fioraldi
a03d733cf9
libafl_qemu decouple hooks from the executor and QemuForkExecutor ( #528 )
* QemuHooks
* option state hooks
* QemuForkExecutor
* enforce no side effects in QemuForkExecutor
* child hooks fixes
* fixes
* qemu_launcher
* examples and fixes
* fix sugar
* clippy
* fmt
* no timeout for fuzzbench_fork_qemu
* Update libafl_qemu/src/hooks.rs
Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
* clippy
Co-authored-by: Alwin Berger <50980804+alwinber@users.noreply.github.com>
2022-02-15 22:11:24 +01:00
Dongjia Zhang
86b4ff9c2f
Set default connect address to IP ( #539 )
2022-02-15 17:44:58 +01:00
Andrea Fioraldi
479f9471ff
Walk the map observer using as_ref_iter() in the map feedback ( #535 )
* Walk the map observer using into_iter() in the map feedback
* fmt
* map observers as iterators
* perf
* IntoMutIterator and IntoRefIterator
* Clone
* clippy
2022-02-14 18:12:19 +01:00
Farouk Faiz
2dcdaaa89f
Initial support for Python bindings for the libafl crate ( #429 )
* Add libafl py module
* Hardcoded baby_fuzzer
* Trait abstraction: MapObserver
Send type name as a param as it's needed for extracting the rust struct from the PyObject
* Fix merge
* Impl traits for python wrappers
* Add PythonExecutor
Not buildable version
* Executor trait bindings
* Monitor trait bindings
* EventManager trait bindings
* Fix warnings
* Add corpus trait bindings
* Use corpus trait bindings
* Rand trait bindings
* Remove python feature from default
* Add cfg attribute
* Fix fmt
* No std box
* Fix clippy
* turn OwnedInProcessExecutor in a simple type alias
* remove crate-type from libafl's Cargo.toml
* Add python baby_fuzzer
* Fix doc
* Maturin doc
* multiple map observer
* fmt
* build pylibafl with nightly
* macro for map element type
* Update py baby_fuzzer & fmt
* Mutator bindings
* fmt
* merge conflicts
* StdMutationalStage bindings
Not working: Cannot pass mutator to new method because not clonable
* Stage bindings
* StagesOwnedList bindings
Not working: Stage not clonable
* Unsafe transmute copy fix
* Use Stage bindings in baby_fuzzer
* fmt
* fmt
* Fix doc
* fix merge
* Remove x86_64 feature from pylibafl
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-02-14 11:41:39 +01:00
Dongjia Zhang
393afa56c8
Github workflows frida build on windows ( #536 )
* Update build_and_test.yml
* Update build_and_test.yml
* clippy
* clippy
* clippy
2022-02-13 05:10:17 +01:00
Dominik Maier
7dad2153e2
Clippy for Cargo ( #532 )
* Clippy for Cargo
* clippy fixes
* clippy fixes
* edition
* fix
* wrong self hidden
* fix
* more clippy
2022-02-11 14:34:01 +01:00
Andrea Fioraldi
a4c9d2d19e
Fix ASAN backtrace ( #534 )
2022-02-11 14:31:18 +01:00
Dongjia Zhang
d676363c64
Fix Forkserver Example ( #533 )
* fix
* fix
* fix
* update
* change
2022-02-11 10:41:07 +01:00
Dongjia Zhang
53bc6e2318
test_all_fuzzers.sh fix ( #531 )
* fix
* fix
* fix
2022-02-11 10:04:04 +01:00
Dongjia Zhang
42cab49f3e
Forkserver builder fix ( #529 )
* fix
* fix
* fmt
* no @@
* fuzzer change
* parse_afl_cmdline
* comma
2022-02-11 09:38:26 +01:00
Andrea Fioraldi
eb668384bb
Fix hardcoded BacktraceObserver ( #530 )
* refactor BacktraceObserver and InProcessForkExecutor
* cleanup
* fix inprocess
* fix
* mormanti
* win fix
* clippy
* fix backtrace_baby_fuzzers/command_executor
* win fix
* clippy
2022-02-10 21:45:20 +01:00
Dongjia Zhang
9d38fff662
Autodict forkserver ( #525 )
* Builder for ForkserverExecutor
* add
* clippy warnings
* comment
* stash
* tmp
* change
* revert
* use_shmem_feature field
* change the harness back
* wip
* wip
* revert
* works
* clippy
* Makefile fix
* doc
* clippy
* rename to program
* rename, fix, envs
* lifetime
* arg_input_file
* stash
* read autodict from forkserver
* works
* clippy & fmt
* fmt
* fix
* fix
* fmt
* better harness
* arg_input_file_std
* rename
* fix
2022-02-10 10:27:51 +01:00
Dongjia Zhang
9482433e54
Forkserver builder ( #523 )
* Builder for ForkserverExecutor
* add
* clippy warnings
* comment
* stash
* tmp
* change
* revert
* use_shmem_feature field
* change the harness back
* wip
* wip
* revert
* works
* clippy
* Makefile fix
* doc
* clippy
* rename to program
* rename, fix, envs
* lifetime
* arg_input_file
* bug fix
* arg_input_file
* builder()
* doc
* clippy & fmt
* clippy & fmt
2022-02-09 22:07:15 +01:00
Andrea Fioraldi
63d89463a3
Improve libafl_qemu snapshots ( #484 )
* mprotect
* expose EnumIter
* thread safe mem snapshot
* update qemu hash
* clippy
* child helpers
* fixes
* fix build
* fix dep
2022-02-09 09:40:59 +01:00
Dominik Maier
6bfbdd6318
Add sdk linker flag for broken macOS systems ( #527 )
2022-02-08 18:29:48 +01:00
Dominik Maier
a3345902c2
Shorthand for differential fuzzing results ( #526 )
* Shorthand for differential fuzzing results
* must_use
2022-02-08 04:07:42 +01:00
Dongjia Zhang
914bcd5c47
Frida Doc ( #515 )
* draft
* add
* more newlines
2022-02-07 23:39:53 +01:00
Dominik Maier
98fbe83c15
Differential executor, diff feedback, stdio observers for command executor ( #521 )
* started diff fuzzer
* finished DifferentialExecutor
* adapt builder, more diff fuzz infra
* diff eq feedback
* stdout observer started:
* stdio observers
* stdio observers
* no_std, fixes
* no_std tests
2022-02-06 18:20:57 +01:00
Andrea Fioraldi
1fca710813
llvm-config --libs only for apple ( #522 )
* Fuck apple
* fix fuzzbench_text
2022-02-04 11:49:02 +01:00
Sagittarius-a
2bb60fb756
Fix documentation typos ( #514 )
* Fix typos in LibAFL doc comments
* Fix doc comment for ProgressReporter trait
* Remove unused comment
* Link ShMem by name in doc comment
2022-02-03 16:31:19 +01:00
epi
3dcb191baf
Removed subcommands from FuzzerOptions ( #516 )
* updated code that removes subcommands from FuzzerOptions
* updated docs, added headings
* updated test to reflect new api
* repeat requires replay
* removed global; removed Option where appropriate; housekeeping; tests
* removed unnecessary cfg check from tests
2022-02-03 16:29:54 +01:00
Andrea Fioraldi
c561182f07
Set map observers initial value to T::default() on creation ( #520 )
2022-02-03 14:25:25 +01:00
Andrea Fioraldi
f527aab15e
Non weak default sanitizers options functions ( #519 )
2022-02-03 10:44:23 +01:00
Andrea Fioraldi
0062bab412
libafl_cc: -fsanitize=fuzzer is an alias to --libafl ( #518 )
* libafl_cc: -fsanitize=fuzzer is an alias to --libafl
* no link runtime
2022-02-02 21:47:23 +01:00
Andrea Fioraldi
465275aecb
Allow incomplete feature ( #517 )
suppress the specialization feature warning
2022-02-02 17:55:46 +01:00
Dongjia Zhang
3c4ec38d83
Win Fix ( #513 )
* win_fix
* fmt
* another fmt
2022-02-02 00:26:10 +01:00
s1341
e41b76fe31
Throw an exception on a failed new in frida ASan, instead of just returning null ( #512 )
2022-02-01 15:28:44 +01:00
Dongjia Zhang
fb21c4ff82
Frida Runtime Tuples ( #457 )
* an attempt to make runtimes into tuples
* wip
* wip
* wip
* getter
* refactor
* fmt
* fix
* compiles
* fuzzer change
* coverage working
* asan & less unwrap() & fixes
* inst size, fmt
* build & coverage works on asan
* amd64 fix
2022-02-01 14:34:53 +01:00
Andrea Fioraldi
dd002a081b
Implement coverage accounting (BB metric atm) ( #507 )
* bb accounting llvm pass
* bb metric
* accounting corpus scheduler
* fix warnings
* alloc
* clippy
* fix dockerfile
* clippy
* coverage accounting example
* finish CoverageAccountingCorpusScheduler
* fmt
* --libs in llvm-config
* merge
2022-02-01 14:08:38 +01:00
Dominik Maier
6810e6085b
Builder for CommandExecutor & Tokens Refactoring ( #508 )
* builder for CommandExecutor
* tokens api cleanup, clippy
* fix doctest
* cleanup
* added testcase, remodelled
* command executor builder fix
* fix fuzzer(?)
* implemented From for configurator
* nits
* clippy
* unused
* autotokens
* cleanup
* nits
* Err instead of empty tokens
* fix tokens fn
* fix err
* more error fixing
* tokens remodelling
* typo
* recoverable fail on missing autotokens
* clippy, nostd
* asslice, into_iter, etc. for tokens
* adapt fuzzers
* iter
* fixes, clippy
* fix
* more clippy
* no_std
* more fix
* fixed typo
* cmd_executor builds again
* bring back ASAN stuff to Command Executor
* forkserver speedup
* no need to static
* back to earlier
2022-02-01 10:10:47 +01:00
Dongjia Zhang
c61fed6ca9
Use Unix timer_* API instead of setitimer ( #510 )
* fix linter errors for armv7 (docs)
* introduce HasOnCrashReset trait; use timer_* API instead of setitimer for unix TimeoutExecutor
* fixes: PR #469 annotations and CI issues
* reintroduce setitimer for apple as macOS does not feature the POSIX timer API
* more macos and windows CI fixes
* more macos and windows CI fixes cont.
* HasOnCrashReset -> HasPostRunReset
* remove drop impl for Windows TimeoutExecutor
* adjust target cfgs for timeout stuff (android also did not work)
* add call to inner post_run_reset
* remove HasPostRunReset in favor of making it a trait fn of Executor
* add post_run_reset's to CombinedExecutor
* clippy: addr_of! instead of raw pointer casts
* link librt in libafl_cc (required by timer_* API)
* minor fixes and cleanup
* remove unused import for targets other than linux
* fix win
* merge
* fix
Co-authored-by: pr0me <g33sus@gmail.com>
2022-02-01 04:48:03 +01:00
Dominik Maier
9dfc6aa404
CI and fixes for arm32 no_std build ( #511 )
* arm32 no_std fixes and clippy
* moved criterion to benches crate
* benches no longer live here
2022-02-01 00:57:58 +01:00
Youssef
e307dfb16f
Implement backtrace observers for crash dedupe ( #379 )
* create stacktrace observer
* create stacktrace feedback
* post-merge fixes
* address comments
* update Cargo.toml
* fix CI issue + dynamic naming
* duplicate baby_fuzzer
* update stacktrace baby_fuzzer
* force unwinding tables
* ignore test dumps
* fix stacktrace baby_fuzzer logic
* upgrade Backtrace version
* trigger observers.post_exec in crash_handler
* implement NewHashFeedbackState and update logic
* digest symbols pointers
* cleanup
* minimal output
* fix backdated EventFirer generic param
* add baby_fuzzer example with a fork executor
* duplicate baby_fuzzer_stacktrace with forkexecutor
* backtrace collection implemented
* add c app fuzzer example with a fork executor
* group backtrace baby fuzzers
* added c code baby fuzzer with inprocess executor
* remove need for static COLLECT_BACKTRACE
* moved code to stacktrace.rs + fixed bug
* add comment
* add command executor fuzzer example
* post merge cleanup
* add missing doc
* address comment
* fix nit
* clean duplicate variable in timeout handler
* fix command executor bt collection
* clean code and use StdShMem
* cleanup
* add ObserverWithHashField + rename StacktraceObserver
* rename + refactor some code
* add CommandBacktraceObserver
* update command executor
* update baby fuzzers
* simplify BacktraceSharedMemoryWrapper
* use better names + static methods
* use std feature macro on BacktraceObserver + fix bug
* use Box in HashValueWrapper to minimize variants size diff
* use copy_from_slice
* std conditional backtrace collection
* fix std import
* fix comment
* add exit_kind to observer.post_exec
* added hash trait to Input
* collect backtrace in post_exec
* add crash handlers to InProcessForkExecutor
* fix panic message
* duplicate forkserver fuzzer example
minimal example
update
* proto bt collection working
* rename CommandBacktraceExecutor to ASANBacktraceExecutor
* refactor ASANBacktraceObserver
* support for forkserver working
* update fuzzer example
* less verbosity
* Post merge fixes
* implement hash for GeneralizedInput
* update forkserver example after merge
* clippy fixes
* fix inproc test
* fixes for cargo hack --feature-powerset
* fix baby_no_std
* implement Hash for NautilusInput
* update fork executor baby fuzzer
* fix doc
* implement Hash for PacketData
* fix windows build
* fix windows no_std
* fix backtrace baby fuzzers README
* add comments
* move setup_bt_panic to constructor
* pre/post child exec hooks in Observer
* setup_child_panic_hook
* fix ObserversOwnedMap on nightly
* add backtrace fuzzers to CI checks
* fix typo
* fix relative paths in test_all_fuzzers.sh
Co-authored-by: Andrea Fioraldi <andreafioraldi@gmail.com>
2022-01-31 15:58:15 +01:00